https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c1 kk zhang changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kkzhang@novell.com AssignedTo|bnc-team-screening@forge.pr |bili@suse.com |ovo.novell.com | --- Comment #1 from kk zhang 2012-03-21 03:29:14 UTC --- Bili,could you please look at this?I am not sure whether it is right to assign it to you.Feel free to reassign it.Thank you. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c3 roeland jansen changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|roeland@linux-it.nl | --- Comment #3 from roeland jansen 2012-03-23 10:27:43 UTC --- the IPv6 address is changing every approx 24 hours. reproduce: just install oS11.4/12.1 /etc/sysctl.conf should have a line like: # NO RANDOM "PRIVACY" GENERATION OF ADDRESSES net.ipv6.conf.default.use_tempaddr = 0 (instead of having to switch off this undesired generation by hand). e.g. the default should be -- do not generate random privacy addresses, unless specified in the yast systemconfig editor. (what happens is that the IP address changes every day so you cannot reliably connect to such a system over IPv6. That doesn't make sense) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c Li Bin changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |roeland@linux-it.nl -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c6 roeland jansen changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|roeland@linux-it.nl | --- Comment #6 from roeland jansen 2012-03-31 10:01:42 UTC --- so your question: remove the line and after 24 hours or so I cannot use ssh over IPv6 as the address has changed.... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c8 --- Comment #8 from roeland jansen 2012-03-31 12:27:42 UTC --- I can answer that one. In versions before 12.1, the privacy extensions were disabled by default. You can switch them on if you like. However as of 12.1 and 12.2 they are enabled by default. Thta's IMHO undesirable. e.g. the default should be disabled. Roeland -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c10 roeland jansen changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | --- Comment #10 from roeland jansen 2012-04-02 17:12:33 UTC --- it would have made sense for portable devices and only when dhcp is used. as with bnc678066 I fully agree with the part Freek said: "in my view Privacy Extension should only be the default for traveling systems. When Privacy Extensions are not enabled, systems that are static in a network always get the same address (i.e. the host part), derived from the MAC address. This makes it possible, in a small network, to use these addresses to communicate with each other, without the need for a DHCP6 and/or DNS server. With Privacy Extension always enabled, the IPv6 address changes each least each 24 hours, which makes it difficult to communicate without additional services that keep track of these changing addresses." What if we did it this way "best of both worlds": 1) if dhcp is used, we assume a portable system and have privacy extensions enabled by default via a box click box next to the IPv4 DHCP selection. 2) if static addresses are used we assume that this is deliberate so disable the privacy extensions by default via a click box next to the IPv4 IP address It's a complete pain in the ass if we want to have IPv6 deployed on a large scale. besides, it doesn't make much sense. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c12 Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aj@suse.com --- Comment #12 from Marius Tomaschewski 2012-04-03 08:40:29 UTC --- (In reply to comment #10)

1) if dhcp is used, we assume a portable system and have privacy extensions enabled by default via a box click box next to the IPv4 DHCP selection.

If dhcp is used you are on a managed network and this setting isn't used at all, when the router does not permit autoconf in its RA, e.g.: AdvManagedFlag on; # enables DHCPv6 AdvOtherConfigFlag on; # other config also DHCPv6 prefix 2001:DB8:ABBA:BEBE:/64 { AdvAutonomous off; # disallows clients to assign # IPv6 addresses by them self }; On the dhcp6 server, you can can simply enable to use privacy extensions (ISC dhcp /dhcpd6.conf): subnet6 2001:DB8:ABBA:BEBE:/64 { ... # (i.e., direct application of RFC 4941) range6 2001:DB8:ABBA:BEBE:/64 temporary; ... # ... ddns-updates on; ... } and even update the dns records automatically using the temp addr. Basically, enabling privacy extensions without to use them, does not make much sense. And yes, it is about (mobile) client systems. Without this setting, their would use their MAC address based IPv6 address by default. On systems which provide services, you have to actively configure the services anyway and you can either change the setting or also configure the service to use a specific address (static or mac bases when you like). What could be done is that pattern trigger to install rpm which provides them, that is: pattern laptop installs sysctl-enable-tempaddr.rpm pattern desktop installs sysctl-enable-tempaddr.rpm pattern server installs sysctl-disable-tempaddr.rpm or something like this... This would be IMO an improvement. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c14 Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO Version|Final |Factory InfoProvider| |mvidner@suse.com Component|Network |Network CC| |mvidner@suse.com Target Milestone|--- |Factory Product|openSUSE 12.1 |openSUSE 12.2 Severity|Normal |Enhancement --- Comment #14 from Marius Tomaschewski 2012-04-03 08:51:19 UTC --- OK, it is not a bug, so I've changed it to enhancement request for 12.1: Martin, can we add a "button" to the yast2 network proposal to disable/enable privacy extensions additionally to the enable/disable IPv6 ? : [X] Enable IPv6 [enabled by default] [X] Enable IPv6 Privacy Extensions (RFC 4941) [enabled by default] The net.ipv6.conf.default.use_tempaddr sysctl has 3 settings (disable/public/privacy): Preference for Privacy Extensions (RFC3041). <= 0 : disable Privacy Extensions == 1 : enable Privacy Extensions, but prefer public addresses over temporary addresses. > 1 : enable Privacy Extensions and prefer temporary addresses over public addresses. Do you need a feature request for this? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mt@suse.com Summary|privacy extensions IPv6 are |privacy extensions IPv6 are |enabled since 12.1 and on |enabled since 12.1 and on - | |make it configurable in | |network proposal -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c17 --- Comment #17 from Marius Tomaschewski 2012-04-03 08:59:32 UTC ---

with enable==3 and disable==9.

Huh? Again: Ahm... there are 3 settings, but I think we can reduce it to a checkbox with enable==2 and disable==0. The setting 1 (enable, but don't use) is IMO some kind of special case. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c19 --- Comment #19 from roeland jansen 2012-04-03 19:31:41 UTC --- guys just wanted to say that the proposed enhancement sounds very sweet and thanks already! Roeland -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=752842 https://bugzilla.novell.com/show_bug.cgi?id=752842#c21 Martin Vidner changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|mvidner@suse.com |mfilka@suse.com --- Comment #21 from Martin Vidner 2012-08-15 14:46:58 CEST --- Some openSUSE bugs for the new maintainer of yast2-network. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=752842 http://bugzilla.novell.com/show_bug.cgi?id=752842#c23 Jiri Bohac changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |988023 --- Comment #23 from Jiri Bohac --- (In reply to Jiri Bohac from comment #22)

Privacy extensions should default to OFF.

I opened bsc#988023 to have the default changed. -- You are receiving this mail because: You are on the CC list for the bug.